<?php 
require_once('database.php');
$link=connectDB();
$tbl_name='login'; // Table name

$username=$_POST['username'];
$pass=$_POST['pass'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$pass = stripslashes($pass);
$username = mysql_real_escape_string($username);
$pass = mysql_real_escape_string($pass);

$sql="SELECT * FROM $tbl_name WHERE name='$username' and pass='$pass'";
$result=mysql_query($sql, $link);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['db_is_logged_in'] = true;
//header('Localhost: login_success.php');
header('Location: main.php');
exit;
}
else {
header('Location: index.php');
}
?>